Invoke sudo privileges only for sections
At some point, my go program runs a command with
CLONE_NEWPID flag which requires
CAP_SYS_ADMIN privilege. The user is invited to use sudo for running the program but it results in the creation of folders with root ownership. I would like the environment to be cleanable without sudo.
Can the program invoked with sudo be executed as if it were being run by the original user, except in sections that need special privileges?
if your goal is to avoid the creation of folders with root ownership, you could use the setuid and setgid system calls to set the effective user ID and effective group ID of the process to the original user's UID and GID before running the command that requires the CAP_SYS_ADMIN privilege, but it's important to be aware of the risks involved and make sure that the solution is secure.